What is the most popular password in the Pacific Northwest? Seahawks12, or some variation thereof, according to federal cybersecurity advisor Ronald Watters.

That hackers can easily guess potential security codes of local government employees who cheer for the local NFL team is just one of the many headaches with which Watters must contend in his effort to secure the region’s state, local, and tribal governments from digital threats.

Watters, who covers Alaska, Idaho, Oregon, and Washington for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, spoke on Thursday in downtown Seattle at a government cybersecurity forum hosted by news site Route Fifty. He described his mission in stark terms that any politician can understand: “I’m here to make you more resilient so you don’t end up above the fold in the Seattle Times.”

That threat is real, especially hefty ransomware payments that have cast an unfavorable spotlight on cities such as Atlanta and Baltimore in the past 18 months.

The Washington state experience tracks with what Kevin Brennan, a special agent with the FBI’s Seattle field office, has observed.

“Ransomware has shifted from the corporate environment to nonprofits and governments,” he said.

The private sector has largely made the necessary investments to secure their systems in light of the toll on profits, he said, but governments have lagged behind and shown a willingness to pay ransoms in the four-to-five figure range. However, with hackers increasingly demanding six-to-seven figure ransoms, he sees an increased need for government officials to beef up their proactive cybersecurity measures.

But cash-strapped local governments struggle to justify those investments. Watters described a hypothetical scenario in which a county IT department — which could be just one person in a smaller jurisdiction — requests $145,000 for an IPS, IDS, and a web proxy.

“The commissioner is going to ask ‘why?’ because they’ve never been hacked,” Watters said. “The correct phrase is: You haven’t been hacked yet.”

At the same time, Watters cautioned that purchasing big-ticket cybersecurity products will not solve the problem alone.

“Don’t put in your budget money for a Forescout device at $245,000 and not budget $40,000 to train the people to operate the $245,000 device — or you have a really pretty box that blinks at you,” he said.

Even for relatively well-resourced jurisdictions, simple nudges that affect behavior at the keyboard and keep employees on high alert can be far more effective than expensive cybersecurity bells and whistles.

“We want to make sure the county leaders understand and send the message that we are the first line of defense,” said Snohomish County Chief Information Officer Viggo Forde.

He cited the recent installation of an industry-standard banner on Office 365 that informs users when a message originates from an outside organization. Those kinds of decisions, he said, “start the water cooler and lunch table talk where everyone complains about the banner that IT forces on them.” But those minor annoyances have paid off with several recent near misses from phishing attacks.

“Because of the alert behavior that individuals demonstrated, it allowed us to react much more quickly than we otherwise could have,” Forde said.

Watters, who has worked with dozens of Pacific Northwest governments on improving their cybersecurity, underscored the national resource for local governments facing cyberthreats, the Department of Homeland Security-sponsored Multi-State Information Sharing & Analysis Center.

His counterpart at the Secret Service’s Seattle field office, Assistant Special Agent in Charge Michael Germain, pointed to a regional standout that he advised: Montana-based Flathead Electric Cooperative, which he said faces up to 5,000 attacks daily.

“For an electric co-op, they have a very robust cybersecurity program right down to the linemen who are stringing power lines for them on a daily basis,” he said. “They host biannual training on cybersecurity. That’s their culture.”

If an electric co-op can institutionalize cybersecurity awareness, then it seems any local government entity can take a more defensive posture.

For the past three years, Joseph Williams has been advising Washington Gov. Jay Inslee on tech policy. In that time he saw the number of spots for computer science students at state universities double and promoted the growth of new technologies, like blockchain and AI, in the Washington tech ecosystem.

Now Williams is ready for something new.

On Monday he takes over as director of the Pacific Northwest National Laboratory’s Seattle office. A big part of his role will be helping the Seattle office form its own identity and mission, rather than just functioning as an extension of the national lab facility in Richland, Wash.

“Given its location, it’ll be an urban lab and it’ll be the first of the national labs to actually embrace its urban setting and celebrate it, use it as a recruiting point, and an engagement point,” Williams said.

“In the future, as we’re looking at cyber warfare or nuclear detection, the kinds of scientists that we’ll be looking to hire, they tend to fit a younger profile,” Williams said. “There is a millennial, Gen Z affinity for an urban lifestyle.”

As the state’s sector lead for information and communications technology, Williams played a critical role in Inslee’s efforts to expand internet access to rural areas and create a new statewide broadband office.

In addition to expanding internet access, he hoped to spread some of the tech industry prosperity concentrated in the Seattle region to other parts of the state.

“We were not as effective at doing that as we had set out to be,” he said.

His hope is that his successor and the Commerce Department will continue his work to bridge the rural-urban divide.

With hundreds of federal agencies eager to modernize their processes, competition in government tech is hot. Take the Department of Defense’s JEDI contract, a $10 billion cloud migration project that has spawned a fierce contest among the nation’s biggest tech companies and a high-profile lawsuit.

But the Microsofts and Amazons of the world aren’t the only ones making a play for government dollars. Smaller tech companies like Seattle-based Smartsheet are just as eager to get in on the action.

Today the company is officially launching Smartsheet Gov, a tool that allows government agencies to collaborate and manage their workflows. The software offers secure information sharing and automates common tasks that public servants perform.

Several government agencies, including NOAA and NASA, have been beta testing Smartsheet Gov since February. In April, Smartsheet became the first workplace management tool to receive a government-awarded IT security credential known as FedRAMP.

The new tools will be unveiled today during the Amazon Web Services Public Sector Summit. Smartsheet Gov was built using Amazon Web Services GovCloud, a designation Amazon gives to cloud server regions with increased security for sensitive data. Gene Farrell, Smartsheet’s product chief, called AWS “a great partner on this journey,” in a statement.

Despite that friendly tone, Amazon and Smartsheet haven’t always been on the same team. The two Seattle companies found themselves on opposite sides of a legal dispute in 2017 that centered around Farrell.

That year, Farrell left his role as Amazon’s vice president of AWS Enterprise Applications and took a job as Smartsheet’s new chief product officer. Amazon sued, claiming the career change violated a non-competition agreement Farrell had signed with the retail giant. Amazon dropped the lawsuit shortly thereafter.

Smartsheet launched in 2005 and went public in 2018, raising $150 million in its initial public offering. The company has made three acquisitions in its quest to dominate the workplace collaboration industry.

Amazon will continue to sell its facial recognition technology to law enforcement agencies without oversight after two shareholder resolutions were voted down Wednesday at the company’s annual investor meeting.

The resolutions would have prevented Amazon from selling the software to government agencies without board approval and directed the board to commission an independent study of the technology’s potential threats to civil liberties.

“A long history of other surveillance technologies shows that face surveillance is certain to be disproportionately aimed at immigrants, religious minorities, people of color, activists, and other vulnerable communities,” said the ACLU’s Shankar Narayan during the meeting.

The event drew more protestors than in years past, including activists from La Resistencia, a group working to end the detention and deportation of immigrants. They showed up Wednesday to demand Amazon refrain from selling its Rekognition software to Immigration and Customs Enforcement (ICE).

“They’re contributing to the expansion of detention,” said Maru Mora Villalpando, an activist with La Resistencia. “We have reached the maximum number, ever, of people detained throughout the nation … we believe that Amazon is harming our communities if they continue with their push of selling this software to ICE.”

Amazon is opaque about its relationship with ICE. Last October, the Project on Government Oversight released emails between Amazon and ICE officials obtained through a public records request that revealed a meeting between the agency and company over the summer. An unnamed Amazon employee said the company was “ready and willing to support the [Homeland Security Investigations] mission,” in the emails.

When the emails were released, an ICE spokesperson told the Washington Post that “industry outreach and building relationships with potential contractors is fairly standard within government acquisition.” ICE did not have a contract with Amazon at the time, according to public procurement data.

“ICE’s Homeland Security Investigations has used facial recognition in the past to assist during the course of criminal investigations related to fraudulent activities, identity theft and child exploitation crimes, and the component will continue to explore cutting-edge technology to complement criminal investigations going forward,” ICE spokesperson Matthew Bourke told GeekWire in December.

Amazon did not immediately respond to our request to comment for this story.

Law enforcement use of facial recognition technology has become a lightning rod, drawing criticism from activists and politicians. Just today, the U.S. House Oversight Committee held a hearing on government use of the technology.

“Right now companies, governments, agencies can essentially steal or use your biometric data from you without your consent and this is outrageous,” said Rep. Alexandria Ocasio-Cortez during the hearing. “Because this is America and we have a right to privacy.”

Facial recognition is also a hot button issue in the other Washington, where Amazon is based. Earlier this year, lawmakers in Washington state tried to pass a data privacy bill that would have imposed new regulations on companies developing facial recognition software and governments using it. The bill was not ultimately passed.

Facial recognition was just one of the issues that Amazon shareholders voted on Wednesday. There were 11 total resolutions, more than at any other public company in 2019. They covered a range of issues, including a climate change push backed by more than 7,600 employees, pay equity, and a call for an independent board chair. All 11 resolutions were voted down.
